How difficult is it for an adversary to get in the middle of the TPM releasing the keys to LUKS? That’s why I would want attestation of some sort, but that makes it more complicated and thinking about how that would work in practice makes my head spin…
If I remember correctly, Leta search proxy is the anonymized search proxy from Mullvad. Users connect and do internet searches, Leta will search various engines and cache the results, anonymized, for some time (days I think?) and any users who perform the same search will receive the cached results from the other users' previous searches.
DNS over HTTPS (DoH), which is Domain Name Service over Secure HyperText Transfer Protocol. HTTP is the technology the Web runs on. The S in HTTPS is the secured version of HTTP, it’s encrypted using TLS (originally was SSL, Secure Sockets Layer), Transport Layer Security.
DNS translates site names (e.g., www.google.com) into an IP (Internet Protocol) address (e.g., 8.8.8.8). DNS is an unencrypted protocol like HTTP. Adding in the Security component is somewhat tricky, but DoH is one of the ways, it just piggybacks on a tried and true secure transport technology that powers the web today.
The reason you would want to use DoH is to secure the domains you are accessing from (1) being intercepted and/or altered, e.g., someone poisoning the response and giving you a bad IP address for any number of reasons, and (2) snoops such as the WiFi provider you’re connected to or the Internet Service Provider (ISP) or cellular provider, or anyone else watching the unencrypted traffic.
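As an added illustration (not part of the original comment), this Python sketch builds one DNS query and shows it in both forms: the raw bytes classic DNS puts on the wire, from which any on-path observer can read the name, and the RFC 8484 GET request that DoH sends inside the TLS session. The resolver host `doh.example` and the `/dns-query` path are assumptions, and `www.example.com` is a constructed sample name.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1) -> bytes:
    """Build a DNS query (RFC 1035 wire format) for `name`; qtype 1 = A."""
    # ID 0 (RFC 8484 suggests it for HTTP cache friendliness),
    # flags 0x0100 = recursion desired, exactly one question.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class 1 = IN

def qname_from_wire(payload: bytes) -> str:
    """Recover the queried name from a raw DNS message, which is all an
    observer of unencrypted port-53 traffic needs to do."""
    pos, labels = 12, []  # the question starts after the 12-byte header
    while payload[pos] != 0:
        length = payload[pos]
        labels.append(payload[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def doh_dns_param(query: bytes) -> str:
    """Encode the query as base64url without padding (RFC 8484 GET form)."""
    return base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")

def doh_get_request(resolver_host: str, query: bytes) -> str:
    """Render the HTTP request that carries the same query over DoH.
    `resolver_host` and the /dns-query path are assumed placeholders."""
    return (
        f"GET /dns-query?dns={doh_dns_param(query)} HTTP/1.1\r\n"
        f"Host: {resolver_host}\r\n"
        "Accept: application/dns-message\r\n\r\n"
    )

if __name__ == "__main__":
    q = build_query("www.example.com")  # constructed sample name
    print("UDP/53 payload, readable on the wire:", q)
    print("Observer recovers:", qname_from_wire(q))
    print("DoH request (travels only inside TLS):")
    print(doh_get_request("doh.example", q))
```

An observer of the DoH connection sees TLS records going to the resolver's address, not the GET line printed here.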
Are you implying GP is MAGA type? I’m more wondering if they’re some type of bot. Every single comment is nearly identical in that style. I’ve learned to pick it out and pretty much ignore the content of the comment at this point.
Is clevis using an attestation server or is it all on a single machine? I’m interested in getting this set up but the noted lack of batteries included for this in the common distros makes it a somewhat tall order.
I’m really not sure. I’ve heard of people using Ceph across datacenters. Presumably that’s with a fast-ish connection, and it’s like joining separate clusters, so you’d likely need a local Ceph cluster at each site then replicate between datacenters. Probably not what you’re looking for.
I’ve heard good things about Garbage S3 and that it’s usable across the internet on slow-ish connections. Combined with JuiceFS is what I was looking at using before I landed on Ceph.
I know Ceph would work for this use case, but it’s not a lighthearted choice, kind of an investment and a steep learning curve (at least it was, and still is, for me).
This is something that directly impacts Lemmy and all Fediverse. Section 230 makes the hosting provider not liable for things their users post as long as they remove offending material (I don’t know the specifics, IANAL). Eroding Section 230 is like pulling the ladder up behind the behemoth providers like YouTube. New small time services will essentially be illegal.
Even just providing specifications and some documentation about the devices, someone might write a new driver. Reverse engineering is hard, having something to go off of means they can probably extend support from an existing driver fairly easily.
Sounds like they are refusing to show ID in a lot of cases (not sure if they refused here), so they are likely private citizens masquerading as officers.